Knowledgebase

Categories

Categories

Sender Verification Failure

What is sender verification and why was an email to me refused ?

WHAT IS SENDER VERIFICATION: Sender Verification is one of the techniques we use to check that incoming email comes from a real or deliverable email address on a mail server that conforms to international email standards called RFCs. It is highly effective in identifying spam and junk email from compromised or bogus mail servers, but can result in occasional genuine email being rejected usually from an announce only email list that lacks a coresponding smtp account or from a sender using an outbound mail gateway server not configured to RFC standards. These failures will appear in your Spam Assassin inbound mail logs as having been marked as SPAM due to SVF.

WHY WE USE IT ? Unfortunately 90-95% of email is spam and junk and only 5-10% is valid and these advanced techniques are necessary to make your mail system a usable communication tool and reduce the junk mail you receive. In addition by identifying the junk at the mail server connection level our spam filters process less junk, run at lower load and our mail queues don't get backed up with junk so we can deliver your inbound email faster.

WHAT HAPPENS: Before passing the inbound email to our Spam Filters, our system does a call-out to the sender's mail server to see if it will accept bounced email for the sender's address. This doubles as a 'sender verification' test. If the remote server does not respond, or signals that it does not accept bounces for that sender or the sender does not exist, your server assumes that the sender address is not valid, and will still accept their email but will flag it as SPAM due to SVF.

A mail server misconfigured in this way:

• Will not accept bounce messages; (mailbox full, server unavailable, recipients using grey-listing )• Will not accept auto-replies;• Will not accept receipt-confirmation messages;• Will not be giving its users a complete service and will likely cause them problems.

WHAT ABOUT EMAIL SVF FAILURES I DON'T WANT MARKED AS SPAM ?

You can add any email address and/or the senders mail server IP address that continually Fails SVF to your whitelist which will bypass the SVF check. Either locate the email in your cPanel Spam Assassin mail logs , view its details and click on the whitelist link or enter it manually in the Spam Assassin / Configuration / Whitelist section. You can add a single email address such as bob@acme.com OR add a wildcard entry such as *@acme.com if there are multiple senders you wish to receive from that domain. See this Tutorial Link on Spam Assassin.

THE TECHNICAL STUFF: Any server that sends mail must accept bounced emails and all servers must reject (bounce) non deliverable to valid envelope senders otherwise a sender would never get NDR (non delivery reports) for things like mailbox not available or mailbox full or Delivery Status Notifications (DSNs) or Message Disposition Notifications (MDNs) or Auto-responders. This is part of the RFC RFC2821 section 3.7 that mandate how email servers are supposed to be setup. ​Sender Verification requires servers to accept mail with an empty sender address, which is part of the mechanism of sender verification and bouncing of messages. The formal requirements can be viewed in sections 3.7 and 4.1.1.2 of RFC 2821 and section 5.2.9 of RFC 1123. The latter states that "An empty reverse path MUST be supported." An SMTP 'MAIL' command is sent using '<>' as an "empty reverse path". This is specifically defined in a formal document, RFC 2821 section 4.1.1.2, as a valid argument for the SMTP 'MAIL' command. The mechanism used is exactly the same as that used to bounce undeliverable messages, and to send delivery receipts and auto-replies. The sender verification mechanism (and by definition the mechanism for bouncing, delivery receipts and autoreplies) depends on this command being accepted and recognized by the remote system.